The many faces and activities of ever-evolving Necurs botnet

The powerful Necurs botnet has been around in the cybersecurity threat landscape since the time of its discovery. In Q4 2017, a report from McAfee had revealed that Necurs along with Gamut botnet had compromised 97% of spam botnet traffic. The botnet is primarily used to deliver other malware in different attack campaigns. The Necurs botnet is operated by a Russia-based threat actor group who is responsible for stealing millions of dollars using Dridex banking trojan and more recently the Locky ransomware. The botnet has been active since late 2012. With the passing years, the botnet has become one of the world’s largest botnets that can infect more than 6 million machines at a time.